Text escaped when I want it to show up as html in Flask/jinja2

Question

I pull a feed from rss and store the data in a appengine db. The rss feed content includes the entire html. So I have this python code:

@app.route("/rssRead")
def pullRss():
    feedItem = db.getFeedItemByName(request.args.get('title',None), request.args.get('key',None))
    return render_template("rss.html", data= Markup(feedItem.html).unescape())

And my html template looks like this:

{% extends "layout.html" %}
{% block body %}
{{ data }}
{% endblock %}

So when I view the page I have the actual html markup being displayed, how do I unescape the html data?

Answer 1

This should work too.

{% extends "layout.html" %}
{% block body %}
{{ data|safe }}
{% endblock %}

Answer 2

Instead of data=Markup(feedItem.html).unescape(), you should be using data=Markup(feedItem.html). That will do the right thing and keep your template clean.

Calling unescape() here is pointless (unless feeditem.html contains pre-escaped html, which it probably doesn't). More importantly, using unescape() here produces a string/unicode object instead of a Markup object, which keeps Jinja2 from recognizing that the field contains html that needs escaping. This defeats Jinja2's automatic escaping ability (that's the purpose of the Markup class!) I also forces your future template maintainers to remember that this field requires manual escaping, which clutters the template code with extra calls.